I'm trying to write a script that will use the web form that is hooked into a MySQL database to check if a user exists in the DB and if they have an e-mail. So I was thinking this would be possible to do through something like PHP but I've never done it before so I'm foggy on how it might be done.

The following PHP script is a simplified version of the page I believe you're trying to access. It compares the POST user variable to a list of user names (users.db) and returns whether or not the POST user is a valid user. The type of back-end really isn't relevant. You ultimately just need to iterate through a list of users and identify a unique string that signifies a valid user in the page that's returned.

(Edit: You'll get a PHP Notice / blank page if you don't supply user via POST; I obviously didn't include any error checking.)

If you have the SQLi POST string, all you have to do is replace the username/email/whatever and perform text-matching like I did above. If you want to do this with Python and make it sexier, you can start by researching the urllib library.

Last edited by dynamik on Tue May 08, 2012 6:03 pm, edited 1 time in total.
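
The "unique string that signifies a valid user" described in the answer above, seen from the side of whoever maintains the form: an added example, not code from the original posts, that checks in-process whether a handler's response differs between a known and an unknown user. The handler functions, user names and response strings are all constructed for illustration.

```python
# Constructed sample data standing in for the users.db list in the answer.
USERS = {"alice", "bob", "carol"}

def vulnerable_handler(post):
    """Hypothetical form handler whose body reveals whether the user exists."""
    user = post.get("user", "")
    if user in USERS:
        return 200, f"<p>{user} is a valid user.</p>"
    return 200, f"<p>{user} was not found.</p>"

def hardened_handler(post):
    """Same form, but one generic body for every submitted name."""
    user = post.get("user", "")
    _ = user in USERS  # the lookup still happens; its result never reaches the page
    return 200, "<p>If that account exists, a message has been sent.</p>"

def fingerprint(response, submitted):
    """Reduce a response to what an observer can compare across requests."""
    status, body = response
    if submitted:
        # Strip the echoed input so only handler-chosen text is compared.
        body = body.replace(submitted, "{user}")
    return status, body

def leaks_existence(handler, known_user, unknown_user):
    """True if the response distinguishes an existing user from a missing one."""
    seen_known = fingerprint(handler({"user": known_user}), known_user)
    seen_unknown = fingerprint(handler({"user": unknown_user}), unknown_user)
    return seen_known != seen_unknown

def audit(handlers, known_user="alice", unknown_user="no-such-user-7f3a"):
    """Run the differential check against each named handler."""
    return {name: leaks_existence(h, known_user, unknown_user)
            for name, h in handlers.items()}

if __name__ == "__main__":
    results = audit({"vulnerable": vulnerable_handler,
                     "hardened": hardened_handler})
    for name, leaks in results.items():
        print(f"{name}: {'leaks user existence' if leaks else 'uniform response'}")
```

Only status and body are compared here; response time and headers can carry the same signal and would need their own checks.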